The most innovative security strategies take a layered approach, a bit like the skin of an onion, with each layer building on the last to ensure complete protection. It’s known as defence-in-depth after the military tactic of the same name. Should one line of defence be compromised, the additional measures would ensure the threat didn’t slip through.
Physical security is often overlooked in favour of cybersecurity, but it’s just as important – how brutal would it be if you’ve just secured your IT servers and someone walks in and steals your hard drive! Read more on the different types of threats, vulnerabilities, and standards within this field.
Why should you use a layered approach to physical security?
We can learn a lot from the medieval model and use similar principles today. Concentric castles were one of the earliest forms of physical protection with an outer wall, a moat, and a robust, fortified inner wall. There was a keep at the top for a clear line of sight. The village was raised with a fence and drawbridge, barred gates, and guard patrols. This provided a two-stage defence of the town to deter intruders. Beaumaris Castle in Wales is one of the best examples of Defence-in-depth.
The Centre for the Protection of National Infrastructure (CPNI) principles of Deter, Detect and Delay, Mitigate and Respond, supported by a security plan, will disrupt and frustrate an attacker’s timeline and give you more time to respond. These key components are the foundation to help protect your assets. It’s good to adopt a security-minded approach as it helps your organisation become more resilient.
With Critical National Infrastructure (CNI), physical attacks could impact essential services like transportation, commerce, clean water, and electricity and disrupt national security and government operations.
Each sector will be facing different threats, so it’s essential to have a personalised solution to recover rapidly from disruptions. For example, energy plays a vital role in the country’s national security as fuel to power the economy. Threats to energy security include:
- The political instability of energy-producing countries.
- Competition over energy sources.
- Attacks on supply infrastructure.
- National disasters.
A visual guide to security layers
The first step in the guidance is ‘beyond the perimeter’ and therefore we should make comment here as to understanding the local area affected, history of intrusion and/or vandalism or theft. Visual evidence of anything that may indicate potential issues is also helpful here.
The second step is perimeter security such as strategic fencing, wire rope, static bollards, CCTV and guard control to monitor the area and deter intruders.
The third step is going deeper with layered security, not just at the perimeter. Think about the entire building: loading bays, smoking areas, drop-off zones—will you use gates, automatic bollards or rising barriers?
The fourth step, you need to protect the core asset—the actual building—with security doors, grilles, window bars, access covers, bulletproof glass etc. Think about the interior—do you have open spaces that are easy to access? Try to see things from an intruder’s point of view and fix any weak spots.
The fifth and final step is to secure external assets, for which you can use cabinets, kiosks, mesh cages, and access covers.
Pedestrianised demarcation bollards can help protect walkways. For temporary security measures, you can use fencing, concrete or steel barriers.
Physical security issues
Forced entry protection—closing the gap.
Virtually all buildings need this as forced entry is often a planned attack using more than one weapon. If you don’t have the proper security and protection to help delay an attack, it increases the ‘exploitable gap’.
Vehicles can be used to cause vandalism or for a targeted aggressive attack. The car can deliver a weapon, or it can be the weapon.
- Vehicle-borne Improvised Explosive Device (VBIED) is a significant threat to people with a higher incidence than biological, chemical or nuclear threats. Blast-standoff (the distance between the explosive and the building) is the most critical factor in limiting damage from VBIED. Increasing this distance helps the construction withstand an explosive because the peak pressure per square inch decreases as standoff increases.
- Vehicle as a Weapon (VAW)—the car itself can be used as a weapon to kill and injure people or damage infrastructure. Terrorist groups are now using vehicles over VBIEDs for attacks as it’s much easier to get hold of a vehicle than make an explosive. They are targeting crowded spaces and sites outside London where security is lower level.
- Tool-based attacks—hand tool attacks may seem like a low priority crime, but they happen often and can cause significant damage and expense to property. Attackers often use quiet tools they can carry easily which leaves room for spontaneity. Such attacks are becoming more sophisticated and planned with organised crime groups.
Standards for measuring physical security
There are several standards to measure the performance of security products developed by governments and independent bodies. Make sure the measures you use are certified and accredited and have been tested on simulated attacks.
Loss Prevention Standards (LPS) is recognised as the relevant standard in the industry, as it’s more comprehensive in scope and identifies recent trends. LPS 1175 focuses on the physical security of ‘intruder resistant building components’, including security enclosures, free-standing barriers, doors, shutters and fencing.
1175 is rated from SR1 (lowest level of attack) to SR8 (highest level) based on the delay they provide against different levels of forced entry.
When researching security standards and ratings, you’ll also find EN 1627—the European standard based on a similar categorisation. This covers pedestrian door sets, windows, grilles, and shutters and safeguards against criminals using stealth to gain access, rather than higher-level attacks covered by LPS 1175.
EN 1627 doesn’t include some standard tools like claw hammers and drills. LPS 1175 includes powerful tools like petrol-driven grinders used by criminal gangs.
A crash test is a form of destructive testing where security products are hit with a vehicle at different speeds to assess the impact in real life.
There are some well-established standards to test vehicle security barriers for hostile vehicle mitigation (HMV). BSI PAS 68 (UK), IWA 14-1 (International) and ASTM F2656 / F2656M (USA).
To identify the type of vehicle that will need to be mitigated against, you need to do a Vehicle Dynamics Assessment (VDA) carried out by a qualified engineer or counter-terror security advisor (CTSA).
Assessing site impact
The pandemic, civil protests and knife crime have all made physical security a top priority. It must be factored into any location where a threat has been identified.
It’s important to balance security controls against risks, e.g. the cost of testing, managing and maintaining controls alongside significant issues like aesthetics, human rights, health & safety, and societal expectations.
Take a holistic view of your security plan—it has to work with what you already have in place and day-to-day operations.
A level of security appropriate for a high-security prison or military ground wouldn’t be suitable for a home, office or vehicle. If your site is industrial, consider hi-vis security as a deterrent. For assets in public spaces, disguised security is less obtrusive… that’s no tree; it’s a mobile phone mast!
Consider merging physical security and cybersecurity as the two are intertwined—you’ll have a more resilient organisation that’s ready to deter, detect, delay, respond and mitigate threats.